From 19127fd42ddf19d9eb4335ce0ff10f25c920ebee Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue, 25 Sep 2012 10:58:40 +0300
Subject: [PATCH] AVRCP: Fix handler lookup for undefined control PDU ids

The lookup table of handlers is not NULL terminated which in case of an
undefined id may lead to read invalid memory out of the table area.

To fix this the id 0x00 is now used as delimiter.
---
 audio/avrcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/audio/avrcp.c b/audio/avrcp.c
index 7258e7abd..e7d6771c8 100644
--- a/audio/avrcp.c
+++ b/audio/avrcp.c
@@ -1086,7 +1086,7 @@ static size_t handle_vendordep_pdu(struct avctp *session, uint8_t transaction,
 		goto err_metadata;
 	}
 
-	for (handler = handlers; handler; handler++) {
+	for (handler = handlers; handler->pdu_id; handler++) {
 		if (handler->pdu_id == pdu->pdu_id)
 			break;
 	}
-- 
2.47.3